CSPL-3964: Removing some (seemingly) unecessary stuff.

Author: gabrielm-splunk

.devcontainer/post-install.sh

@@ -21,13 +21,11 @@ import (
 	"flag"
 	"fmt"
 	"os"
-	"path/filepath"
 	"time"
 
 	intController "github.com/splunk/splunk-operator/internal/controller"
 	"github.com/splunk/splunk-operator/internal/controller/debug"
 	"github.com/splunk/splunk-operator/pkg/config"
-	"sigs.k8s.io/controller-runtime/pkg/certwatcher"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/filters"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -82,9 +80,6 @@ func main() {
 
 	var tlsOpts []func(*tls.Config)
 
-	var metricsCertPath, metricsCertName, metricsCertKey string
-	var webhookCertPath, webhookCertName, webhookCertKey string
-
 	flag.StringVar(&logEncoder, "log-encoder", "json", "log encoding ('json' or 'console')")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
@@ -98,34 +93,6 @@ func main() {
 		"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
 	flag.BoolVar(&secureMetrics, "metrics-secure", false,
 		"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
-	flag.StringVar(&webhookCertPath, "webhook-cert-path", "", "The directory that contains the webhook certificate.")
-	flag.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt", "The name of the webhook certificate file.")
-	flag.StringVar(&webhookCertKey, "webhook-cert-key", "tls.key", "The name of the webhook key file.")
-	flag.StringVar(&metricsCertPath, "metrics-cert-path", "", "The directory that contains the metrics server certificate.")
-	flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.")
-	flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.")
-
-	var metricsCertWatcher, webhookCertWatcher *certwatcher.CertWatcher
-	webhookTLSOpts := tlsOpts
-
-	if len(webhookCertPath) > 0 {
-		setupLog.Info("Initializing webhook certificate watcher using provided certificates",
-			"webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey)
-
-		var err error
-		webhookCertWatcher, err = certwatcher.New(
-			filepath.Join(webhookCertPath, webhookCertName),
-			filepath.Join(webhookCertPath, webhookCertKey),
-		)
-		if err != nil {
-			setupLog.Error(err, "Failed to initialize webhook certificate watcher")
-			os.Exit(1)
-		}
-
-		webhookTLSOpts = append(webhookTLSOpts, func(config *tls.Config) {
-			config.GetCertificate = webhookCertWatcher.GetCertificate
-		})
-	}
 
 	// Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server.
 	// More info:
@@ -140,7 +107,7 @@ func main() {
 		// as certificates issued by a trusted Certificate Authority (CA). The primary risk is potentially allowing
 		// unauthorized access to sensitive metrics data. Consider replacing with CertDir, CertName, and KeyName
 		// to provide certificates, ensuring the server communicates using trusted and secure certificates.
-		TLSOpts:        webhookTLSOpts,
+		TLSOpts:        tlsOpts,
 		FilterProvider: filters.WithAuthenticationAndAuthorization,
 	}
 
@@ -189,25 +156,6 @@ func main() {
 	// Apply namespace-specific configuration
 	managerOptions := config.ManagerOptionsWithNamespaces(setupLog, baseOptions)
 
-	if len(metricsCertPath) > 0 {
-		setupLog.Info("Initializing metrics certificate watcher using provided certificates",
-			"metrics-cert-path", metricsCertPath, "metrics-cert-name", metricsCertName, "metrics-cert-key", metricsCertKey)
-
-		var err error
-		metricsCertWatcher, err = certwatcher.New(
-			filepath.Join(metricsCertPath, metricsCertName),
-			filepath.Join(metricsCertPath, metricsCertKey),
-		)
-		if err != nil {
-			setupLog.Error(err, "Failed to initialize metrics certificate watcher")
-			os.Exit(1)
-		}
-
-		metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, func(config *tls.Config) {
-			config.GetCertificate = metricsCertWatcher.GetCertificate
-		})
-	}
-
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), managerOptions)
 
 	if err != nil {
@@ -275,22 +223,6 @@ func main() {
 	}
 	//+kubebuilder:scaffold:builder
 
-	if metricsCertWatcher != nil {
-		setupLog.Info("Adding metrics certificate watcher to manager")
-		if err := mgr.Add(metricsCertWatcher); err != nil {
-			setupLog.Error(err, "Unable to add metrics certificate watcher to manager")
-			os.Exit(1)
-		}
-	}
-
-	if webhookCertWatcher != nil {
-		setupLog.Info("Adding webhook certificate watcher to manager")
-		if err := mgr.Add(webhookCertWatcher); err != nil {
-			setupLog.Error(err, "Unable to add webhook certificate watcher to manager")
-			os.Exit(1)
-		}
-	}
-
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		setupLog.Error(err, "unable to set up health check")
 		os.Exit(1)

cmd/main.go

@@ -134,116 +134,4 @@ patches:
 # More info: https://book.kubebuilder.io/reference/metrics
 - path: manager_metrics_patch.yaml
   target:
-    kind: Deployment
-# Uncomment the patches line if you enable Metrics and CertManager
-# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line.
-# This patch will protect the metrics with certManager self-signed certs.
-- path: cert_metrics_manager_patch.yaml
-  target:
-    kind: Deployment
-
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-- path: manager_webhook_patch.yaml
-  target:
-    kind: Deployment
-
-replacements:
- - source: # Uncomment the following block to enable certificates for metrics
-     kind: Service
-     version: v1
-     name: controller-manager-metrics-service
-     fieldPath: metadata.name
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: metrics-certs
-       fieldPaths:
-         - spec.dnsNames.0
-         - spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 0
-         create: true
-     - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor
-         kind: ServiceMonitor
-         group: monitoring.coreos.com
-         version: v1
-         name: controller-manager-metrics-monitor
-       fieldPaths:
-         - spec.endpoints.0.tlsConfig.serverName
-       options:
-         delimiter: '.'
-         index: 0
-         create: true
-
- - source:
-     kind: Service
-     version: v1
-     name: controller-manager-metrics-service
-     fieldPath: metadata.namespace
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: metrics-certs
-       fieldPaths:
-         - spec.dnsNames.0
-         - spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 1
-         create: true
-     - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor
-         kind: ServiceMonitor
-         group: monitoring.coreos.com
-         version: v1
-         name: controller-manager-metrics-monitor
-       fieldPaths:
-         - spec.endpoints.0.tlsConfig.serverName
-       options:
-         delimiter: '.'
-         index: 1
-         create: true
-
- - source: # Uncomment the following block if you have any webhook
-     kind: Service
-     version: v1
-     name: webhook-service
-     fieldPath: .metadata.name # Name of the service
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: serving-cert
-       fieldPaths:
-         - .spec.dnsNames.0
-         - .spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 0
-         create: true
-# +kubebuilder:scaffold:crdkustomizecainjectionns
-
- - source:
-     kind: Service
-     version: v1
-     name: webhook-service
-     fieldPath: .metadata.namespace # Namespace of the service
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: serving-cert
-       fieldPaths:
-         - .spec.dnsNames.0
-         - .spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 1
-         create: true
+    kind: Deployment